From e3fba4ecadaeaa2ab5fbb76b602b203b591f6d36 Mon Sep 17 00:00:00 2001
From: toby
Date: Sun, 18 Nov 2018 02:22:04 +0100
Subject: [PATCH] prepping to flip back bastion to a loopback ip. setting firewall rule accordingly
---
 files/firewall | 1 +
 1 file changed, 1 insertion(+)
diff --git a/files/firewall b/files/firewall
index 1d11976..3204ec5 100755
--- a/files/firewall
+++ b/files/firewall
@@ -22,6 +22,7 @@ case $1 in
 iptables -A INPUT -p udp --dport 500 --sport 500 -j ACCEPT # ipsec
 iptables -A INPUT -p udp --dport 4500 --sport 4500 -j ACCEPT # ipsec
 iptables -A INPUT -s 170.199.217.0 -p tcp --dport 22 -j ACCEPT # ssh from bastion
+ iptables -A INPUT -s 10.1.19.1 -p tcp --dport 22 -j ACCEPT # ssh from bastion
 iptables -A INPUT -s 170.199.217.0 -p udp --sport 53 -j ACCEPT # dns replies from bastion
 iptables -A INPUT -s 170.199.216.1 -p tcp --sport 2379 -j ACCEPT # etcd replies stackapi
 iptables -A INPUT -s 170.199.216.13 -p tcp --sport 443 -j ACCEPT # mirrors.wit.com
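Review bot: The added rule admits SSH on the strength of the source address 10.1.19.1 alone, with no inbound-interface or IPsec policy match, so any path that can deliver a packet carrying that private address to this host is treated as the bastion. If the bastion's loopback address is only expected to arrive over the IPsec tunnel permitted just above (an inference from the udp 500/4500 rules), pin the rule to that path, e.g. `iptables -A INPUT -s 10.1.19.1 -p tcp --dport 22 -m policy --dir in --pol ipsec -j ACCEPT # ssh from bastion (loopback ip, via ipsec)`, or add `-i <TUNNEL_IFACE>` with the real interface name. The older 170.199.217.0 rule stays in place with an identical comment; mark it as transitional, e.g. `# ssh from bastion (old address, remove after the flip)`, so the wider allowance does not outlive the migration. The enclosing `case` block starts and ends outside the hunk, so the default policy and the rule ordering cannot be confirmed from here.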